Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1431
Views
0
Helpful
1
Replies

Migrating NAT from ASA to Firepower - "Same mapped parameter cannot be used to do both NAT and PAT"

bascheew
Level 1
Level 1

‎08-15-2018 12:43 PM - edited ‎03-12-2019 04:09 AM

We are migrating from an ASA to Firepower and we're running into an error when configuring NAT.  One of our networks is PATed out a secondary IP on the outside interface.  That same secondary IP is also used for a couple of static NATs.  On the ASA, this was not a problem:

nat (Network-B,Outside) source static Network-B_Server10 1.1.1.30 service 25 25 description SMTP to Network-B
nat (Network-B,Outside) source static Network-B_Server10 1.1.1.30 service 443 443 description HTTPS to Network-B
nat (Network-B,Outside) after-auto source dynamic any 1.1.1.30

  

On the Firepower when I attempt to replicate this setup I receive the following error when I attempt to save the new NAT rules in the FMC:

 

"Same mapped parameter cannot be used to do both NAT and PAT"

 

(Network-B) to (Outside) source static Network-B_Server10 1.1.1.30  service SVC_579820588089 SVC_579820588089 description Network-B SMTP
(Network-B) to (Outside) source static Network-B_Server10 1.1.1.30  service SVC_579820588090 SVC_579820588090 description Network-B HTTPS
(Network-B) to (Outside) source dynamic any pat-pool 1.1.1.30

Any ideas?

 

Thanks!

2 people had this problem
Labels:
0 Helpful
1 Reply 1

Mohammed al Baqari
Level 11
Level 11

‎08-16-2018 12:39 AM

In ASA, this will through a warning once you apply the PAT statement.
Unfortunately, FP won't let you do it
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card